SAP RZ11: Parameter (login/fails_to_session_end) Limit Logon Attempts

Before we learn to limit logon attempts we need to know parameter -

What is a parameter?

Parameter is the set of keys and values to manage the SAP system.There are two types of parameters -

1. Static: - It needs a restart. It doesn't effect to the system immediately once you set the value for it.
2. Dynamic: - It does not need restart. It effects to the system immediately once you set the value for it.

How to view a parameter?

Step 1) Execute T-code RZ11.
 

Step 2)

1. Put parameter name "login/fails_to_session_end" in text-field.You can put any Parameter name.
2. Click Display

Step 3) The screen below shows the current value set for the parameter by the admin
 

In order to change a parameter, click the pencil icon and make desired changes

Important Parameters to limit login attempts

• login/fails_to_session_end: This parameter specifies the number of times that a user can enter an incorrect password before the system ends the logon attempt. The parameter is to be set to a value lower than the value of parameter
• login/fails_to_user_lock: This parameter specifies the number of times that a user can enter an incorrect password before the system locks the user against further logon attempts. Default value is 12. You can set it to any value between 1 and 99 inclusive.